Here's the response I got from Sygate support about the loopback.

Discussion in 'other firewalls' started by notageek, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    The loopback problem is a serious one in my opinion, because as other posters have noticed many apps can get through using the proxy. AVG's aginet.exe updater is another example, and there are many others. I also believe that the reason it's not been rectified in Sygate's firewall is that it would take a major overhaul of the firewall engine to correct it. My reason for believing this is that if it were not so, they would have corrected it by now. To state that there's no risk or proven risk, and that's why they haven't implemented it, is a rather weak (and probably detrimental to Sygate's credibility) argument for not "fixing" it in my opinion.
    me
     
  2. SpaceCowboy

    SpaceCowboy Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    40
    You are correct. They have already said this.
    Nobody from Sygate has ever said this.
     
  3. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I posted this before; I will post this again. If you want to use Sygate and have a proxy running, make sure you use SSM (System Safety Monitor).
     
  4. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,587
    Thanks, SpaceCowboy, for correcting me on Sygate's stance. I have browsed the Sygate forums on the loopback issue, as I actually purchased a licence for Sygate a few months ago. I assumed that the loopback would work. My comments were based on general assumptions and replies made at the forum. Apologies.
    me
     
  5. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    This is a first, someone doubting Gibson's word. :)
     
  6. manythanks

    manythanks Guest

    I don't doubt his word, but don't you think it's a bit strange that Steve Gibson claims this is a very serious problem (application hijacking) and everyone else says it is a problem but the chances are very, very rare? After all, it's not the firewall that catches worms or trojans.

    Thanks
     
  7. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    LeakTest only tested the outbound blocking capabilities of a firewall. And as we know, while a software firewall is not an AT, if it has some form of outbound application approval and monitoring, an unapproved application seeking to connect to the net should be flagged by the firewall and be required to get user permission to connect to the net, as in ZA for example. (I'm not talking about some super trojan that is designed to bypass firewalls, just an ordinary common trojan or even something as banal as an AV updater or one of the many MS things that want to chatter on the net.) This is also how some people discover they have a trojan: when their firewall sees an unapproved program trying to connect to the net and calls their attention to it.

    LeakTest wasn't dealing with application "hijacking" per se, although if one renamed it one could tell if the firewall could tell the difference between an approved application and another app using the same file name to try and avoid detection. LT basically tested if a firewall had outbound monitoring and app control.

    The proxy loopback issue isn't so much a matter of application hijacking, but is a loophole in the firewall's outbound app permission monitoring and control. Normally, most firewalls would require an app to get approval to connect to the net on its own. As with AV updaters even if they use IE to connect to the net. The updater must be an approved app, regardless if it connects directly or uses IE to connect. When this loopback permission issue is present and a local proxy is used, some apps (presumably including malware) could use the proxy's connection to get out without the firewall noticing it and thus never flagging it for user approval. Thus a program updater, MS components or another thingy (spyware, malware, other programs) could connect out through the proxy without your knowledge since the loopback issue is present.

    So it's a matter of app control. One needn't have some clever trojan defeating the firewall in some intricate fashion when the proxy loopback issue is present. It could just go through the firewall without a peep as could other (legit) programs as well. It's a matter of which allows the user to better control what is allowed outbound connections when using a local proxy, a firewall that makes each app initially ask for permission or a firewall that has the loopback loophole and thus makes it much easier for programs to bypass the approval process and the user? That's the issue for many of us who use a local proxy.
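
Added example, not part of any post in this thread: a defender-side audit for the situation described in the post above, listing which processes hold loopback connections to a local proxy and flagging those not on an approved list. The sample `netstat -ano` and `tasklist /fo csv /nh` output is constructed, and the proxy port 8080, the process names and the function names are assumptions for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output; a local proxy listens on 127.0.0.1:8080.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING       1200
  TCP    127.0.0.1:1045         127.0.0.1:8080         ESTABLISHED     1544
  TCP    127.0.0.1:8080         127.0.0.1:1045         ESTABLISHED     1200
  TCP    127.0.0.1:1046         127.0.0.1:8080         ESTABLISHED     1788
  TCP    127.0.0.1:8080         127.0.0.1:1046         ESTABLISHED     1200
  TCP    192.168.1.10:1050      203.0.113.5:80         ESTABLISHED     1200
"""

# Constructed sample of `tasklist /fo csv /nh` output (hypothetical process names).
TASKLIST_SAMPLE = '''\
"proxy.exe","1200","Console","0","4,120 K"
"iexplore.exe","1544","Console","0","18,332 K"
"updater.exe","1788","Console","0","2,904 K"
'''

def proxy_clients(netstat_text, proxy_port):
    """Return the PIDs holding an established loopback connection to the proxy."""
    target = "127.0.0.1:%d" % proxy_port
    pids = set()
    for line in netstat_text.splitlines():
        f = line.split()
        # Each loopback connection appears twice; the client's row is the one
        # whose *foreign* address is the proxy's listening socket.
        if len(f) == 5 and f[0] == "TCP" and f[2] == target and f[3] == "ESTABLISHED":
            pids.add(int(f[4]))
    return pids

def pid_names(tasklist_csv):
    """Map PID -> lower-cased image name from tasklist CSV output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def unapproved_proxy_users(netstat_text, tasklist_csv, proxy_port, approved):
    """Names of processes using the proxy that are not on the approved list."""
    names = pid_names(tasklist_csv)
    # A PID missing from the task list is still reported, by number.
    found = {names.get(p, "pid:%d" % p) for p in proxy_clients(netstat_text, proxy_port)}
    return sorted(found - {a.lower() for a in approved})

if __name__ == "__main__":
    print(unapproved_proxy_users(NETSTAT_SAMPLE, TASKLIST_SAMPLE, 8080, ["iexplore.exe"]))
```

The proxy's own outbound connection (PID 1200 in the sample) is the only one a firewall with the loopback gap would prompt for; the audit surfaces the clients behind it.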
     
  8. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Well put sig. :) have a cookie.

    I would like to add a note on this loopback issue with Sygate. I would assume that if you downloaded a program that was calling home and going through your local proxy it would get out undetected and you wouldn't even know it was calling home. :)
     
  9. manythanks

    manythanks Guest

    OK, point taken. I think I keep making excuses up for Sygate and I know I shouldn't, but thanks anyway, back to ZA.

    Thanks
     
  10. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    Found this in the Sygate Forum.

    "When will SPF support the ability to control application access to "local proxy"
    Products:
    Sygate® Personal Firewall
    Sygate® Personal Firewall Pro


    Operating systems:
    All supported Operating Systems

    Details:


    With the current SPF 5.x architecture, support for the loopback adapter or "local proxy" does require major changes to one of the core product engines. This is considered a high risk fix with both high development costs and resource requirements. However, be assured that we are making progress towards addressing the local proxy issue. Sygate apologizes for the delay but has chosen the path towards fully addressing the issue, rather than issuing a patch or partial fix"
     
  11. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    We will just have to see what happens in the long run. Thanks Tag.
     
  12. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Just one more question about the loopback issue:

    If you use a proxy for let's say email download and have SPF ask for all programs on inet access you will get a warning that the proxy tries to connect, correct? That is the loopback issue is a security problem only when you are running a proxy which is allowed per se or used for all internet access...?


    Thanks,

    Karl
     
  13. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Correct. Sygate will see and prompt for the proxy accessing the Internet. It will not see or prompt for anything configured for access via the proxy on localhost.

    Regards,

    CrazyM
     
  14. Karl_Menshy

    Karl_Menshy Registered Member

    Joined:
    Apr 18, 2003
    Posts:
    135
    Thank you, CrazyM.
     